Delivered-To: freebsd-questions@freebsd.org
Date: Sun, 27 May 2001 13:50:06 +0200 (CEST)
From: "Hartmann, O."
Subject: NIS/YP root permission problems

Dear Sirs.

Maybe my problem is trivial for some of you, but you may offer help to the stupid ...

We have in a scientific environment a growing server architecture. All core systems are based on FreeBSD 4.3-STABLE. All servers belong to a NIS/YP domain and they are under control of one root! Now we have a growing part of Linux users and several FreeBSD frontiers and they wish to be their own root on their local machines. But they need to participate on the server's filespace. NIS/YP prevents us from running into problems when keeping UID/GID consistent and helping to keep passwords consistent. The usual stuff, in this case.

The problem: The 'outsiders' are their own root on their local machines, but they mount the home directory of our institute from the main server. The problem seems to be that if those users belong to a NIS/YP domain, they could 'su' themselves to root on their local machines and then 'su - USER' to any user they mounted by NFS on their local machine and pretend to be another person.
So they could compromise others' data and so on. This is the reason why I do not want to export our filesystems to those machines, due to the fact I cannot prevent our servers from being used as NIS/YP domain controllers from the LAN. The situation is really nasty and I cannot change anything due to the fact most of the guys around here are really not interested in those problems - but they pay me :-( The only thing keeping systems 'secure' is to avoid exporting disks to untrusted machines using NFS, although all UNIX and Linux guys could join the NIS/YP domain because they are on the local network.

Kerberos is a hint - but I wish to use Kerberos V and it's not in a usable stage at this time (I cannot get the MIT distribution, the new one, due to the export limitations, and Heimdal on FreeBSD seems to be a little bit 'weak').

Are there any solutions to prevent other root supervisors compromising users on the local fileserver? I export the appropriate filesystems by maproot=nobody:nobody, but that prevents root from getting root access on those filesystems exported by NFS, but if he switches to another user (due to its belonging to the same NIS/YP domain) he grants himself full permissions to access the switched user's filespace ...

Any suggestions?

--
Best regards
O. Hartmann
ohartman@klima.physik.uni-mainz.de
----------------------------------------------------------------
IT-Administration des Institut fuer Physik der Atmosphaere (IPA)
----------------------------------------------------------------
Johannes Gutenberg Universitaet Mainz
Becherweg 21
55099 Mainz

Tel: +496131/3924662 (machine room)
Tel: +496131/3924144
FAX: +496131/3923532
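
An added example, not part of the original message: a small model of the uid mapping an NFS server applies under AUTH_SYS (AUTH_UNIX) for each exports(5) line, used to list exports where a self-administered client's claimed uid is honoured unchanged. The sample exports text, host names, uid table and the helper names are all constructed for illustration; only plain host lists are parsed (no -network/-mask or netgroups).

```python
UIDS = {"root": 0, "nobody": 65534}   # constructed name-to-uid table

# Constructed exports(5) sample; paths and host names are hypothetical.
SAMPLE_EXPORTS = """\
# core servers under the single institute root
/home -maproot=nobody:nobody core1 core2
# self-administered workstations
/home -maproot=nobody:nobody linuxws1 bsdws2
/scratch -mapall=nobody linuxws1
"""

def parse_exports(text):
    """Yield (paths, options, hosts) for every non-empty exports line."""
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        paths = [t for t in tokens if t.startswith("/")]
        opts = dict(t[1:].partition("=")[::2] for t in tokens if t.startswith("-"))
        hosts = [t for t in tokens if t[0] not in "/-"]
        yield paths, opts, hosts

def effective_uid(opts, claimed_uid):
    """uid the server acts as when the client's credential claims claimed_uid."""
    if "mapall" in opts:                      # every client uid is replaced
        return UIDS[opts["mapall"].split(":")[0]]
    if claimed_uid == 0:                      # only root is remapped by -maproot
        # Model simplification: without -maproot, root maps to "nobody".
        return UIDS[opts.get("maproot", "nobody").split(":")[0]]
    return claimed_uid                        # any other uid is taken as sent

def audit(text, trusted_hosts, sample_uid=1001):
    """Return (path, host) pairs where an untrusted host's claimed uid is kept."""
    findings = []
    for paths, opts, hosts in parse_exports(text):
        if effective_uid(opts, sample_uid) != sample_uid:
            continue                          # uid is squashed for this line
        for host in hosts:
            if host not in trusted_hosts:
                findings.extend((p, host) for p in paths)
    return findings

if __name__ == "__main__":
    for path, host in audit(SAMPLE_EXPORTS, {"core1", "core2"}):
        print(f"{path} -> {host}: client-supplied uid is trusted despite -maproot")
```

The /scratch line is not reported because -mapall replaces every client uid, which only suits data that does not need per-user ownership.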